Albert
New Contributor

FSSO issue

Hi

 

I have a FortiGate 80C v5.2.5.

I have followed the instructions in the link below and successfully configured FSSO.

https://www.youtube.com/watch?v=0DUqspQ3pzo

 

But when testing the policy on users’ computers nothing happens, and the users skip this policy, although I tried with AD username, group and even with adding the entire OU.

Another thing; when I went to “User & Device” > “Monitor” > “Firewall” > “Show all FSSO Logons” I found nothing!

 

FortiGate_80C # diag debug fsso-polling detail
polling frequency: every 10 second(s) success(0), fail(10)
LDAP query: success(0), fail(0)
LDAP max group query period(seconds): 0
most recent connection status: err: server can not be accessible

 

FortiGate_80C # diagnose debug fsso-polling summary
global:
    logon: 0
current vdom: root:(id=0)
number of AD servers: 1
number of clients: 1

 

FortiGate_80C # show user fsso
config user fsso
    edit "Local FSSO Agent"
        set server "127.0.0.1"
        set ldap-server "LDAP server"
    next
end

Albert
New Contributor

.

Albert
New Contributor

..

Albert
New Contributor

...

Albert
New Contributor

....

Sunil_Panchal_NSE7
New Contributor III

Hi friend, I am Sunil from Kuwait.
What you need basically, just let me know; I will help you in a better way.
The YouTube video is given to implement and use FSSO, but we have to create a policy according to our requirement, so send me a screenshot of the policy you created.
It is better to use the full FSSO agent on the DC.
localhost

I agree with superindian.

Better look into using the fsso agent on your domain controller.

http://cookbook.fortinet.com/providing-single-sign-using-ldap-fsso-agent-advanced-mode-expert/

 

Anyway, if you want to continue without FSSO Agent on your domain controller:

You are unable to access your domain controller:

 

polling frequency: every 10 second(s) success(0), fail(10)
LDAP query: success(0), fail(0)
LDAP max group query period(seconds): 0
most recent connection status: err: server can not be accessible

 

My guess is wrong AD user permissions: the user which you are using to poll your domain controller. This user needs access to the Domain Controller Security Log.

Try this debugging command:

 

#diag debug application fssod -1

#diag debug enable

 

http://docs.fortinet.com/uploaded/files/1844/fortinet-single-sign-on-polling-mode-windows-AD-network...
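A small triage parser for the `diag debug fsso-polling` output quoted in this thread, as an added example that is not part of the original posts and not Fortinet tooling. The function names and finding texts are assumptions, and the sample input is the thread's own output laid out one field per line.

```python
import re

# Constructed sample: the polling output quoted in this thread, one field per line.
SAMPLE_DETAIL = """\
polling frequency: every 10 second(s) success(0), fail(10)
LDAP query: success(0), fail(0)
LDAP max group query period(seconds): 0
most recent connection status: err: server can not be accessible
"""
SAMPLE_SUMMARY = """\
global:
    logon: 0
current vdom: root:(id=0)
number of AD servers: 1
number of clients: 1
"""

COUNTERS = re.compile(
    r"^(polling frequency|LDAP query):.*?success\((\d+)\),\s*fail\((\d+)\)", re.M)
STATUS = re.compile(r"^most recent connection status:\s*(.+)$", re.M)
LOGONS = re.compile(r"^\s*logon:\s*(\d+)", re.M)

def parse_polling(detail, summary=""):
    """Extract poll/LDAP counters, connection status and logon count."""
    result = {"status": None, "logons": None}
    for name, ok, fail in COUNTERS.findall(detail):
        key = "poll" if name.startswith("polling") else "ldap"
        result[key] = (int(ok), int(fail))
    status = STATUS.search(detail)
    if status:
        result["status"] = status.group(1).strip()
    logons = LOGONS.search(summary)
    if logons:
        result["logons"] = int(logons.group(1))
    return result

def findings(r):
    """Turn parsed values into the observations made in the reply above."""
    out = []
    poll_ok, poll_fail = r.get("poll", (0, 0))
    if poll_fail and not poll_ok:
        out.append("all %d polls of the domain controller failed" % poll_fail)
    if r["status"] and r["status"].startswith("err"):
        out.append("last connection status: " + r["status"])
    if r["logons"] == 0:
        out.append("no FSSO logons recorded")
    return out
```
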

 

 

Albert
New Contributor

I'm able to view OUs, user accounts and groups from FSSO, please have a look at the attached photo.

As for the command:

Connected
FortiGate_80C # diag debug application fssod -1
FortiGate_80C # diag debug enable
FortiGate_80C # [fsso_peer.c:peer_rcv:93] Entering ...
[fsso_peer.c:peer_rcv:93] Entering ...
[fsso_fgt.c:client_pkt_process:764] Received heartbeat
[fsso_peer.c:peer_rcv:93] Entering ...
[fsso_peer.c:peer_rcv:93] Entering ...
[fsso_fgt.c:client_pkt_process:764] Received heartbeat
[fsso_peer.c:peer_rcv:93] Entering ...
[fsso_peer.c:peer_rcv:93] Entering ...
[fsso_fgt.c:client_pkt_process:764] Received heartbeat
[fsso_peer.c:peer_rcv:93] Entering ...
[fsso_peer.c:peer_rcv:93] Entering ...
[fsso_fgt.c:client_pkt_process:764] Received heartbeat
[fsso_peer.c:peer_rcv:93] Entering ...
[fsso_peer.c:peer_rcv:93] Entering ...
[fsso_fgt.c:client_pkt_process:764] Received heartbeat
[fsso_peer.c:peer_rcv:93] Entering ...
[fsso_peer.c:peer_rcv:93] Entering ...
[fsso_fgt.c:client_pkt_process:764] Received heartbeat
[fsso_peer.c:peer_rcv:93] Entering ...
[fsso_peer.c:peer_rcv:93] Entering ...
[fsso_fgt.c:client_pkt_process:764] Received heartbeat
[fsso_peer.c:peer_rcv:93] Entering ...
[fsso_peer.c:peer_rcv:93] Entering ...
[fsso_fgt.c:client_pkt_process:764] Received heartbeat
[fsso_peer.c:peer_rcv:93] Entering ...
[fsso_peer.c:peer_rcv:93] Entering ...
[fsso_fgt.c:client_pkt_process:764] Received heartbeat
[fsso_peer.c:peer_rcv:93] Entering ...
[fsso_peer.c:peer_rcv:93] Entering ...
[fsso_fgt.c:client_pkt_process:764] Received heartbeat
[fsso_peer.c:peer_rcv:93] Entering ...
[fsso_peer.c:peer_rcv:93] Entering ...
[fsso_fgt.c:client_pkt_process:764] Received heartbeat
[fsso_peer.c:peer_rcv:93] Entering ...
[fsso_peer.c:peer_rcv:93] Entering ...
[fsso_fgt.c:client_pkt_process:764] Received heartbeat
[fsso_peer.c:peer_rcv:93] Entering ...
[fsso_peer.c:peer_rcv:93] Entering ...
[fsso_fgt.c:client_pkt_process:764] Received heartbeat
